high Traffic setup problem, module status don't deliver data
Aleksandar Lazic
al-nginx at none.at
Tue Feb 11 11:41:22 UTC 2014
On 11-02-2014 12:15, Maxim Dounin wrote:
> Hello!
>
> On Mon, Feb 10, 2014 at 05:41:47PM +0100, Aleksandar Lazic wrote:
>
> [...]
>
>> Every time when I have more than ~400 r/s we get no data from the
>> status-request, this request rate means ~20k Packets/Second.
>> I use netfilter with fail2ban, but not the connection tracking module!
>>
>> I have now seen on the tcpdump that I get a 'RST' packet quite
>> immediately after a request when the 'no answer from server' comes.
>>
>> I think this could be a kernel-network issue not a nginx issue.
>>
>> The question is:
>> Please can you help me to find the reason for the immediate 'RST'
>> answer.
>
> Listen queue overflow?
>
> On modern Linux'es, it should be possible to check some listen
> queue numbers with "ss -nlt" / "netstat -nlt" (on BSD, detailed
> information is available with "netstat -Lan"), and number of
> overflows happened in past should be in "netstat -s" stats. To
> tune listen queue size used by nginx, use "backlog" parameter of
> the listen directive. Note that system limits like
> tcp_max_syn_backlog and somaxconn also require tuning.

root@ns61620:~# ss -nlt|egrep 'Sta|<IP>'
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port
LISTEN     0      128                    <IP>:80                       *:*

sysctl -a|egrep 'somaxconn|tcp_max_syn'
net.core.somaxconn = 4069
net.ipv4.tcp_max_syn_backlog = 8192

I have not added "backlog" to the listen directive.
Do you have some suggestions about useful values for that amount of
traffic?

> If stateful firewall is used, this also can be a result of "out of
> states" conditions, check your firewall stats.

I don't use connection track module.

Aleks
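
The listen-queue check suggested in the quoted reply, as an added example that is not part of the original thread. It assumes Linux `ss`, where for LISTEN sockets Recv-Q is the current accept-queue length and Send-Q is the backlog the socket was created with; the function names and the sample input (documentation addresses, made-up counters) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listen queues from `ss -nlt` and `netstat -s` output.

# listen_audit SOMAXCONN   (reads `ss -nlt` output on stdin)
# Flags listeners whose backlog is smaller than net.core.somaxconn (the
# socket was opened with a smaller backlog, or before the sysctl was raised)
# and listeners whose accept queue has reached its backlog.
listen_audit() {
    awk -v somax="$1" '
        $1 != "LISTEN" { next }
        {
            queued = $2; backlog = $3; addr = $4
            note = "ok"
            if (backlog + 0 < somax + 0) note = "backlog below somaxconn"
            if (queued + 0 >= backlog + 0) note = "accept queue at limit"
            printf "%s queued=%d backlog=%d %s\n", addr, queued, backlog, note
        }'
}

# overflow_count   (reads `netstat -s` output on stdin)
# Prints the cumulative listen-queue overflow counter, 0 if the line is absent.
overflow_count() {
    awk '/times the listen queue of a socket overflowed/ { n = $1 }
         END { print n + 0 }'
}

# Constructed sample input shaped like the output quoted in the post.
sample_ss() {
    cat <<'EOF'
State      Recv-Q Send-Q  Local Address:Port   Peer Address:Port
LISTEN     0      128     192.0.2.10:80        *:*
LISTEN     129    128     192.0.2.10:8080      *:*
LISTEN     0      4069    192.0.2.10:443       *:*
EOF
}
sample_netstat() {
    cat <<'EOF'
    1523 times the listen queue of a socket overflowed
    1523 SYNs to LISTEN sockets dropped
EOF
}

sample_ss | listen_audit 4069
sample_netstat | overflow_count
```

On a live host, replace the samples with real output: `ss -nlt | listen_audit "$(sysctl -n net.core.somaxconn)"` and `netstat -s | overflow_count`. Run the second command twice a few seconds apart; a rising counter means connections are being dropped at the listen queue right now.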